Re: Using OpenBGPD as a route-server

2008-10-31 Thread Hans Vosbergen
Hi Claudio,

Thanks, this has been helpful. However, I really need that bit of control
from the peer's configuration end.

You wouldn't happen to know how I can achieve the following?

A peer sends the following communities to the RS: 1234:1234 1234:7547
1234:8392

I want the route-server to send the routes received in the communities (yes,
they all contain the same routes) to every peer on the RS, except for those
with AS 7547 and 8392.

Was also wondering why you have that prepend rule in #5 while transparent-as
is configured?

Regards,
Hans

On Wed, Oct 29, 2008 at 12:08 PM, Claudio Jeker wrote:

  On Tue, Oct 28, 2008 at 04:24:02PM +0100, Hans Vosbergen wrote:
  Hi Misc,
 
  I am trying to make OpenBGPD work as a route-server for a little hobby
  project I am working on.
 
  As it's very hard to find configuration examples for this usage on the web,
  I have to turn here.
 
  What I am trying to achieve:
  - A route-server acting as a transparent route distributor.
  - Control by neighbours who their prefixes are announced to, based on
  communities.
 
  Making OpenBGPD work as a transparent AS was the easy part. However, I'm
  stuck in the communities control part.
 
  How it is supposed to work: my route-server has AS1234 in my test
  environment.
 
  If a neighbour announces:
  1. { community 1234:1234 } -- Their prefixes will be announced to EVERY
  other neighbour.
  2. { community 1234:AS } -- Their prefixes will ONLY be announced to AS,
  i.e. 1234:8943 will only send the prefixes to AS8943.
  3. { community 1234:1234 1234:AS } -- Their prefixes will be announced to
  every other neighbour EXCEPT AS.
 
  I have been able to achieve the first 2 ways the prefix control should
  work, but I can't manage to get the 3rd to work. Before moving to OpenBGPD I
  managed to produce the way I want it to work in Quagga, but I simply do not
  want to use that.
 
  Would anyone have an idea on how to make OpenBGPD not announce prefixes to
  specific neighbours if they appear in the 1234:1234 1234:AS list?
 

 The route server I set up uses more or less this config:

 # global configuration
 AS $ASNUM
 router-id $IP
 transparent-as yes

 network $LAN

 group RS {
announce all
max-prefix 5000 restart 15
set nexthop no-modify
 #   softreconfig in no

neighbor $LAN {
descr RS peer
passive
}
 }

 # filter out prefixes longer than 24 or shorter than 8 bits
 deny from any prefixlen < 8
 deny from any prefixlen > 24

 # do not accept a default route, private, reserved, multicast and
 # experimental networks (or anything more specific inside them)
 deny from any prefix 0.0.0.0/0
 deny from any prefix 10.0.0.0/8 prefixlen >= 8
 deny from any prefix 127.0.0.0/8 prefixlen >= 8
 deny from any prefix 169.254.0.0/16 prefixlen >= 16
 deny from any prefix 172.16.0.0/12 prefixlen >= 12
 deny from any prefix 192.0.2.0/24 prefixlen >= 24
 deny from any prefix 192.168.0.0/16 prefixlen >= 16
 deny from any prefix 224.0.0.0/4 prefixlen >= 4
 deny from any prefix 240.0.0.0/4 prefixlen >= 4

 # we set these communities to identify from where
 # a route was learned:
 match from any set community $ASNUM:neighbor-as

 # 1. Prepend RS $ASNUM to *all* RS-Peers
 match from group RS community $ASNUM:65500 set prepend-self 1

 # 2. Prepend RS $ASNUM to *selected* RS-Peer N-times
 # (N can be 1 to 3)
 match to group RS community 65501:neighbor-as set prepend-self 1
 match to group RS community 65502:neighbor-as set prepend-self 2
 match to group RS community 65503:neighbor-as set prepend-self 3

 # 3. Do *not* announce to the RS-Peer with AS N (community $ASNUM:N)
 deny to group RS community $ASNUM:neighbor-as

 # 4. Do *not* announce to *ANY* RS-Peers
 deny to group RS community $ASNUM:65535

 # 5. Prepend own announcement by one
 match to group RS prefix $LAN set prepend-self 1

 Works like a champ without any additional per peer config :)
 --
 :wq Claudio



Re: Using OpenBGPD as a route-server

2008-10-31 Thread Claudio Jeker
On Fri, Oct 31, 2008 at 03:15:21PM +0100, Hans Vosbergen wrote:
 Hi Claudio,
 
 Thanks, this has been helpful. However, I really need that bit of control
 from the peer's configuration end.
 
 You wouldn't happen to know how I can achieve the following?
 
 A peer sends the following communities to the RS: 1234:1234 1234:7547
 1234:8392
 
 I want the route-server to send the routes received in the communities (yes,
 they all contain the same routes) to every peer on the RS, except for those
 with AS 7547 and 8392.
 

deny to group RS community 1234:neighbor-as will result in a lookup of
1234:AS-of-neighbor-the-prefix-would-be-sent-to and so should do the
trick. It is (currently) not possible to match 2 communities at once.


 Was also wondering why you have that prepend rule in #5 while transparent-as
 is configured?
 

When transparent-as is set, networks that are locally originated are NOT
prepended with the own AS, so the remote side would receive an empty ASPATH
attribute, which is not expected on eBGP links.

-- 
:wq Claudio



Re: Using OpenBGPD as a route-server

2008-10-29 Thread Claudio Jeker
On Tue, Oct 28, 2008 at 04:24:02PM +0100, Hans Vosbergen wrote:
 Hi Misc,
 
 I am trying to make OpenBGPD work as a route-server for a little hobby
 project I am working on.
 
 As it's very hard to find configuration examples for this usage on the web,
 I have to turn here.
 
 What I am trying to achieve:
 - A route-server acting as a transparent route distributor.
 - Control by neighbours who their prefixes are announced to, based on
 communities.
 
 Making OpenBGPD work as a transparent AS was the easy part. However, I'm
 stuck in the communities control part.
 
 How it is supposed to work, my route-server has AS1234 in my test
 environment.
 
 If a neighbour announces:
 1. { community 1234:1234 } -- Their prefixes will be announced to EVERY
 other neighbour.
 2. { community 1234:AS } -- Their prefixes will ONLY be announced to AS,
 i.e. 1234:8943 will only send the prefixes to AS8943.
 3. { community 1234:1234 1234:AS } -- Their prefixes will be announced to
 every other neighbour EXCEPT AS.
 
 I have been able to achieve the first 2 ways the prefix control should work,
 but I can't manage to get the 3rd to work. Before moving to OpenBGPD I
 managed to produce the way I want it to work in Quagga but I simply do not
 want to use that.
 
 Would anyone have an idea on how to make OpenBGPD not announce prefixes to
 specific neighbours if they appear in the 1234:1234 1234:AS list?
 

The route server I set up uses more or less this config:

# global configuration
AS $ASNUM
router-id $IP
transparent-as yes

network $LAN

group RS {
announce all
max-prefix 5000 restart 15
set nexthop no-modify
#   softreconfig in no

neighbor $LAN {
descr RS peer
passive
}
}

# filter out prefixes longer than 24 or shorter than 8 bits
deny from any prefixlen < 8
deny from any prefixlen > 24

# do not accept a default route, private, reserved, multicast and
# experimental networks (or anything more specific inside them)
deny from any prefix 0.0.0.0/0
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 127.0.0.0/8 prefixlen >= 8
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4

# we set these communities to identify from where
# a route was learned:
match from any set community $ASNUM:neighbor-as

# 1. Prepend RS $ASNUM to *all* RS-Peers
match from group RS community $ASNUM:65500 set prepend-self 1

# 2. Prepend RS $ASNUM to *selected* RS-Peer N-times
# (N can be 1 to 3)
match to group RS community 65501:neighbor-as set prepend-self 1
match to group RS community 65502:neighbor-as set prepend-self 2
match to group RS community 65503:neighbor-as set prepend-self 3

# 3. Do *not* announce to the RS-Peer with AS N (community $ASNUM:N)
deny to group RS community $ASNUM:neighbor-as

# 4. Do *not* announce to *ANY* RS-Peers
deny to group RS community $ASNUM:65535

# 5. Prepend own announcement by one
match to group RS prefix $LAN set prepend-self 1

Works like a champ without any additional per peer config :)
-- 
:wq Claudio
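An added worked example, not code from the thread and not part of OpenBGPD: a small Python model of how bgpd evaluates the filter section of the config above, written to show why `deny to group RS community 1234:neighbor-as` answers Hans's question (the 2008-10-31 reply) and what the rest of the rule set does. The semantics modelled are the ones stated in bgpd.conf(5) and in Claudio's reply: rules are evaluated in order, `match` rules never decide but apply their `set` actions, the last matching `allow`/`deny` wins, and `neighbor-as` expands to the AS of the peer the rule is being evaluated for (the sender for `from` rules, the receiver for `to` rules). Assumptions: $ASNUM is 1234 as in Hans's test setup, the peer ASNs and routes are constructed test data, and the model treats several matching `prepend-self` rules as additive, which the thread does not state.

```python
# Added example: a model of OpenBGPD filter evaluation for the posted
# route-server rules. Not bgpd code; peer ASNs and routes are constructed.
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

RS_AS = 1234                 # $ASNUM from the config (Hans's test AS, assumed)
NEIGHBOR_AS = "neighbor-as"  # placeholder expanded per peer under evaluation

Community = Tuple[int, object]   # (asn, value); value is an int or NEIGHBOR_AS


@dataclass(frozen=True)
class Rule:
    action: str                              # "match" | "allow" | "deny"
    direction: str                           # "from" | "to"
    community: Optional[Community] = None    # rule applies only if route carries it
    set_community: Optional[Community] = None
    prepend_self: int = 0                    # "set prepend-self N"


# Transcription of the filter rules in the posted config with $ASNUM = 1234.
# "announce all" in group RS means the default verdict is allow in both
# directions; only the rules below change it.
RULES = [
    Rule("match", "from", set_community=(RS_AS, NEIGHBOR_AS)),            # tag with origin AS
    Rule("match", "from", community=(RS_AS, 65500), prepend_self=1),     # 1. prepend towards all peers
    Rule("match", "to", community=(65501, NEIGHBOR_AS), prepend_self=1), # 2. prepend N times to one peer
    Rule("match", "to", community=(65502, NEIGHBOR_AS), prepend_self=2),
    Rule("match", "to", community=(65503, NEIGHBOR_AS), prepend_self=3),
    Rule("deny", "to", community=(RS_AS, NEIGHBOR_AS)),                  # 3. not to the peer with that AS
    Rule("deny", "to", community=(RS_AS, 65535)),                        # 4. not to anyone
]


def expand(c: Community, peer_as: int) -> Tuple[int, int]:
    """Replace neighbor-as with the AS of the peer under evaluation."""
    asn, value = c
    return (asn, peer_as if value == NEIGHBOR_AS else value)


def evaluate(direction: str, peer_as: int, communities: Set[Tuple[int, int]]):
    """Run all rules of one direction for one peer.
    Returns (allowed, communities after set actions, prepend count)."""
    allowed, prepends, comms = True, 0, set(communities)
    for rule in RULES:
        if rule.direction != direction:
            continue
        if rule.community is not None and expand(rule.community, peer_as) not in comms:
            continue
        if rule.action == "match":
            if rule.set_community is not None:
                comms.add(expand(rule.set_community, peer_as))
            prepends += rule.prepend_self       # model assumption: counts add up
        else:
            allowed = rule.action == "allow"    # last matching allow/deny wins
    return allowed, comms, prepends


def export_table(from_as: int, communities, peers) -> Dict[int, Tuple[bool, int]]:
    """For one route received from from_as, decide for every RS peer whether
    it is announced and how many times the RS prepends its own AS.
    The originating peer is evaluated like any other: the ingress tag
    1234:<origin> plus rule 3 is what keeps the route from going back to it
    in this model (BGP's own never-back-to-sender rule is not modelled)."""
    accepted, comms, in_prepends = evaluate("from", from_as, set(communities))
    table = {}
    for peer in peers:
        if not accepted:
            table[peer] = (False, 0)
            continue
        sent, _, out_prepends = evaluate("to", peer, comms)
        table[peer] = (sent, in_prepends + out_prepends if sent else 0)
    return table


if __name__ == "__main__":
    peers = [7547, 8392, 8943, 65000]        # constructed RS members
    # Hans's case: a route from AS 8943 carrying 1234:1234 1234:7547 1234:8392
    print(export_table(8943, {(1234, 1234), (1234, 7547), (1234, 8392)}, peers))
    print(export_table(8943, {(1234, 65535)}, peers))   # rule 4: announced to nobody
    print(export_table(8943, {(65502, 7547)}, peers))   # prepend twice, only towards AS 7547
```

Running Hans's case yields: AS 7547 and AS 8392 denied by rule 3, AS 8943 denied because the ingress tag 1234:8943 also hits rule 3, AS 65000 announced. Note that 1234:1234 is matched by no rule at all; with `announce all` and no `deny to` default, a route is exported to every peer unless a community says otherwise, so Hans's "announce to everyone" community is simply unnecessary here. His case 2 ("announce ONLY to AS") is not in this rule set: it would need 1234:AS to mean "allow only", while case 3 needs the same community to mean "deny", and telling the two apart requires also testing for 1234:1234 on the same route, the two-community match Claudio says is not available.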